strongswan.git
Andreas Steffen [Wed, 6 Apr 2011 18:08:56 +0000 (20:08 +0200)]
added EAP-PEAP options to strongswan.conf

Andreas Steffen [Wed, 6 Apr 2011 18:07:59 +0000 (20:07 +0200)]
define MSCHAPv2 as default phase2 algorithm for EAP-PEAP

Andreas Steffen [Wed, 6 Apr 2011 17:44:58 +0000 (19:44 +0200)]
added ikev2/rw-eap-peap-mschapv2 scenario

Andreas Steffen [Wed, 6 Apr 2011 17:44:30 +0000 (19:44 +0200)]
added ikev2/rw-eap-peap-md5 scenario

Andreas Steffen [Wed, 6 Apr 2011 17:42:52 +0000 (19:42 +0200)]
added ikev2/rw-eap-peap-radius scenario

Andreas Steffen [Wed, 6 Apr 2011 17:39:00 +0000 (19:39 +0200)]
allow multi-pass authentication schemes as e.g. MSCHAPv2

Andreas Steffen [Wed, 6 Apr 2011 15:34:27 +0000 (17:34 +0200)]
display EAP identifiers in HEX format

Andreas Steffen [Wed, 6 Apr 2011 15:33:01 +0000 (17:33 +0200)]
no EAP identifier offset required in build() function

Andreas Steffen [Wed, 6 Apr 2011 13:47:49 +0000 (15:47 +0200)]
added missing function pointers in eap_identity_create_server()

Andreas Steffen [Wed, 6 Apr 2011 12:42:02 +0000 (14:42 +0200)]
implemented the PEAP tunneling protocol as an EAP plugin

Andreas Steffen [Wed, 6 Apr 2011 05:50:42 +0000 (07:50 +0200)]
added get|set_identifier() methods to eap_tnc_t

Andreas Steffen [Tue, 5 Apr 2011 18:53:46 +0000 (20:53 +0200)]
added EAP identifier to debug output

Andreas Steffen [Tue, 5 Apr 2011 16:35:22 +0000 (18:35 +0200)]
added get|set_identifier() methods to eap_tls_t and eap_ttls_t

Andreas Steffen [Tue, 5 Apr 2011 16:16:28 +0000 (18:16 +0200)]
added TLS_PURPOSE_EAP_PEAP

Andreas Steffen [Tue, 5 Apr 2011 16:14:58 +0000 (18:14 +0200)]
implemented get|set_identifier() for tls_eap_t

Andreas Steffen [Tue, 5 Apr 2011 16:04:45 +0000 (18:04 +0200)]
eap_packet_t definition moved to libstrongswan/eap/eap.h

Andreas Steffen [Tue, 5 Apr 2011 15:59:49 +0000 (17:59 +0200)]
added EAP PEAP and MSTLV protocols

Andreas Steffen [Tue, 5 Apr 2011 15:01:28 +0000 (17:01 +0200)]
implemented get|set_identifier() for eap_sim_t

Andreas Steffen [Tue, 5 Apr 2011 14:12:38 +0000 (16:12 +0200)]
Migrated eap_sim plugin to INIT/METHOD macros

Andreas Steffen [Tue, 5 Apr 2011 13:57:00 +0000 (15:57 +0200)]
implemented get|set_identifier() for eap_radius_t

Andreas Steffen [Tue, 5 Apr 2011 13:45:51 +0000 (15:45 +0200)]
store EAP identifier on peer side

Andreas Steffen [Tue, 5 Apr 2011 13:38:54 +0000 (15:38 +0200)]
implemented get|set_identifier() for eap_aka_t

Martin Willi [Tue, 5 Apr 2011 13:11:17 +0000 (15:11 +0200)]
Added support for DES_ECB to af-alg, required for eap-mschapv2

Andreas Steffen [Tue, 5 Apr 2011 13:20:22 +0000 (15:20 +0200)]
Migrated eap_aka plugin to INIT/METHOD macros

Andreas Steffen [Tue, 5 Apr 2011 12:47:19 +0000 (14:47 +0200)]
implemented get|set_identifier() for eap_gtc_t

Andreas Steffen [Tue, 5 Apr 2011 12:44:26 +0000 (14:44 +0200)]
Migrated eap_gtc plugin to INIT/METHOD macros

Andreas Steffen [Tue, 5 Apr 2011 12:44:09 +0000 (14:44 +0200)]
implemented get|set_identifier() for eap_mschapv2_t

Andreas Steffen [Tue, 5 Apr 2011 12:23:59 +0000 (14:23 +0200)]
Migrated eap_mschapv2 plugin to INIT/METHOD macros

Andreas Steffen [Tue, 5 Apr 2011 12:22:58 +0000 (14:22 +0200)]
implemented get|set_identifier() for eap_identity_t and eap_md5_t

Andreas Steffen [Tue, 5 Apr 2011 11:57:37 +0000 (13:57 +0200)]
log the EAP identifier also for vendor specific EAP methods

Andreas Steffen [Tue, 5 Apr 2011 11:54:26 +0000 (13:54 +0200)]
log the initial value of the EAP identifier

Andreas Steffen [Tue, 5 Apr 2011 11:31:32 +0000 (13:31 +0200)]
added get_identifier() and set_identifier() methods

Martin Willi [Mon, 4 Apr 2011 07:31:45 +0000 (09:31 +0200)]
Migrated eap_sim_pcsc plugin to INIT/METHOD macros

Martin Willi [Mon, 4 Apr 2011 07:21:54 +0000 (09:21 +0200)]
Slightly reformatted SIM pcsc code

Duncan Salerno [Mon, 4 Apr 2011 06:51:50 +0000 (08:51 +0200)]
Added SIM card backend based on pcsc-lite

Martin Willi [Fri, 1 Apr 2011 09:40:18 +0000 (11:40 +0200)]
Added alloc/stream options to fetcher test utility

Martin Willi [Fri, 1 Apr 2011 09:30:35 +0000 (11:30 +0200)]
Added support for FETCH_CALLBACK to soup fetcher

Martin Willi [Fri, 1 Apr 2011 09:01:42 +0000 (11:01 +0200)]
Support FETCH_CALLBACK in curl fetcher

Martin Willi [Fri, 1 Apr 2011 08:30:42 +0000 (10:30 +0200)]
Added a new FETCH_CALLBACK option to fetch data without allocation

Martin Willi [Fri, 1 Apr 2011 08:26:24 +0000 (10:26 +0200)]
Migrated fetcher_manager to INIT/METHOD macros

Andreas Steffen [Sat, 2 Apr 2011 05:46:16 +0000 (07:46 +0200)]
version bump to 4.5.2dr4

Andreas Steffen [Fri, 1 Apr 2011 17:44:25 +0000 (19:44 +0200)]
updated ikev2/rw-eap-tnc scenarios

Miklos Vajna [Mon, 28 Mar 2011 18:04:00 +0000 (20:04 +0200)]
Install systemd service file if systemd is available

Andreas Steffen [Fri, 25 Mar 2011 11:48:45 +0000 (12:48 +0100)]
log TNC PEP decision with level 0

Martin Willi [Wed, 23 Mar 2011 13:16:13 +0000 (14:16 +0100)]
Increase whitelist message identity buffer to 128 bytes

Martin Willi [Wed, 23 Mar 2011 08:28:40 +0000 (09:28 +0100)]
Fix order of PURGE_* flags to be compatible with STROKE_PURGE_* keywords

Tobias Brunner [Tue, 22 Mar 2011 18:17:51 +0000 (19:17 +0100)]
Make availability of glob(3) optional in settings_t.

If glob(3) is not available, just try to open the pattern as a regular
file. The reason for this change is that glob(3) is not available on Android.

Tobias Brunner [Tue, 22 Mar 2011 18:16:19 +0000 (19:16 +0100)]
Make sure that files included in settings_t are regular files.

Tobias Brunner [Tue, 22 Mar 2011 16:37:19 +0000 (17:37 +0100)]
Define PLUGINDIR in Android.mk even though it is currently not used.

The combined plugin loader requires PLUGINDIR to be defined.

Tobias Brunner [Tue, 22 Mar 2011 16:36:23 +0000 (17:36 +0100)]
File lists in Android.mk files updated to those in the Makefiles.

Tobias Brunner [Tue, 22 Mar 2011 16:33:29 +0000 (17:33 +0100)]
Fall back to _LINUX_CAPABILITY_VERSION if no explicit version is defined.

This is the case on Android.

Andreas Steffen [Sat, 19 Mar 2011 22:23:52 +0000 (23:23 +0100)]
redirect debug output of imc/imv pairs to syslog

Andreas Steffen [Sat, 19 Mar 2011 15:48:06 +0000 (16:48 +0100)]
some changes to the ikev2/rw-eap-tnc-11|20 scenarios

Andreas Steffen [Sat, 19 Mar 2011 15:43:22 +0000 (16:43 +0100)]
TNC server did not issue a TNC_CONNECTION_STATE_HANDSHAKE NotifyConnection message

Andreas Steffen [Fri, 18 Mar 2011 08:54:59 +0000 (09:54 +0100)]
af-alg plugin does not require hmac and xcbc plugins

Andreas Steffen [Fri, 18 Mar 2011 07:01:09 +0000 (08:01 +0100)]
added duplicheck.enable and whitelist.enable options to strongswan.conf man page

Andreas Steffen [Fri, 18 Mar 2011 06:39:21 +0000 (07:39 +0100)]
added af-alg-ikev1/alg-camellia scenario

Andreas Steffen [Fri, 18 Mar 2011 06:34:48 +0000 (07:34 +0100)]
added af-alg-ikev2/alg-camellia scenario

Andreas Steffen [Thu, 17 Mar 2011 22:16:41 +0000 (23:16 +0100)]
added the af-alg-ikev1/rw-cert scenario

Andreas Steffen [Thu, 17 Mar 2011 21:55:26 +0000 (22:55 +0100)]
added the af-alg-ikev2/rw-cert scenario

Andreas Steffen [Thu, 17 Mar 2011 21:53:09 +0000 (22:53 +0100)]
build the af-alg plugin in the UML test environment

Andreas Steffen [Thu, 17 Mar 2011 21:52:04 +0000 (22:52 +0100)]
include linux/if_alg.h in the strongSwan distribution

Andreas Steffen [Thu, 17 Mar 2011 19:24:44 +0000 (20:24 +0100)]
version bump to 4.5.2dr3

Andreas Steffen [Thu, 17 Mar 2011 19:24:00 +0000 (20:24 +0100)]
added NEWS for 4.5.2dr2 release

Martin Willi [Thu, 17 Mar 2011 16:34:11 +0000 (17:34 +0100)]
Added a strongswan.conf "enabled" option for duplicheck plugin

Martin Willi [Thu, 17 Mar 2011 16:15:16 +0000 (17:15 +0100)]
Added strongswan.conf and runtime option to enable/disable whitelist plugin

Martin Willi [Tue, 15 Mar 2011 14:20:09 +0000 (15:20 +0100)]
Move establish/inherit of rekeyed IKE_SAs to delete messages

Having the inherit() function delayed to the IKE_SA establish procedure
was problematic. The task destroy function was never a good place and
results in locking/cleanup problems. After establishing the SA, it
should be really checked in ASAP to avoid any triggered DPD checks
to get lost.

Martin Willi [Tue, 15 Mar 2011 10:51:53 +0000 (11:51 +0100)]
Wrap IKE delete after rekey into rekey task for responder, too

Martin Willi [Tue, 15 Mar 2011 10:48:19 +0000 (11:48 +0100)]
Do not invoke processor restart() if not required

Doing so might result in a deadlock during shutdown if a delayed
restart is locked on the bus during the debug statement.

Martin Willi [Tue, 15 Mar 2011 10:30:02 +0000 (11:30 +0100)]
Migrated ike_rekey task to INIT/METHOD macros

Andreas Steffen [Sat, 12 Mar 2011 12:46:14 +0000 (13:46 +0100)]
fixed asn1_oid_from_string(), allowing it to handle up to 32 bit node numbers

Andreas Steffen [Fri, 11 Mar 2011 11:38:00 +0000 (12:38 +0100)]
fixed parsing of X.509 certificatePolicies

Andreas Steffen [Fri, 11 Mar 2011 10:48:46 +0000 (11:48 +0100)]
added tcg-at-tpmIdLabel OID

Andreas Steffen [Fri, 11 Mar 2011 10:48:22 +0000 (11:48 +0100)]
output unknown OIDs in dot string notation

Andreas Steffen [Fri, 11 Mar 2011 08:12:13 +0000 (09:12 +0100)]
version bump to 4.5.2dr2

Andreas Steffen [Fri, 11 Mar 2011 08:11:37 +0000 (09:11 +0100)]
added NEWS for the 4.5.2dr1 release

Andreas Steffen [Wed, 9 Mar 2011 14:35:35 +0000 (15:35 +0100)]
fixed asn1_oid_to_string() conversion

Martin Willi [Wed, 9 Mar 2011 06:52:13 +0000 (07:52 +0100)]
Use a boolean expression for refcount check, fixes refcounting if bool is a signed char

Martin Willi [Tue, 8 Mar 2011 14:02:42 +0000 (15:02 +0100)]
Migrated sim_manager to INIT/METHOD macros

Martin Willi [Tue, 8 Mar 2011 13:52:47 +0000 (14:52 +0100)]
Protect sim card/provider/hook (un-)registration with a rwlock

Martin Willi [Tue, 8 Mar 2011 13:17:53 +0000 (14:17 +0100)]
Split sim_manager.h header to sim_{card,provider,hooks}.h

Andreas Steffen [Tue, 8 Mar 2011 06:27:00 +0000 (07:27 +0100)]
defined some TCG attribute OIDs

Andreas Steffen [Tue, 8 Mar 2011 06:03:22 +0000 (07:03 +0100)]
support of RSAES-OAEP public keys

Andreas Steffen [Mon, 7 Mar 2011 21:46:28 +0000 (22:46 +0100)]
added id-RSAES-OAEP and id-pSpecified OIDs

Andreas Steffen [Fri, 4 Mar 2011 06:02:03 +0000 (07:02 +0100)]
initiate or route all child configs if they have different names from their parent peer config

Martin Willi [Wed, 2 Mar 2011 15:06:13 +0000 (16:06 +0100)]
Align netlink attributes properly if rta_len not a multiple of RTA_ALIGNTO

Andreas Steffen [Tue, 1 Mar 2011 21:24:19 +0000 (22:24 +0100)]
initiate or route child configs which don't have a peer config of the same name

Andreas Steffen [Fri, 18 Feb 2011 16:36:18 +0000 (17:36 +0100)]
put DN in double quotes

Andreas Steffen [Fri, 18 Feb 2011 16:32:48 +0000 (17:32 +0100)]
corrected pkcs11 error message

Martin Willi [Mon, 21 Feb 2011 13:05:21 +0000 (13:05 +0000)]
Implemented permanent certificate coupling plugin

Martin Willi [Mon, 28 Feb 2011 14:49:50 +0000 (14:49 +0000)]
Update duplicheck entry during IKE rekeying

Martin Willi [Tue, 22 Feb 2011 10:16:13 +0000 (11:16 +0100)]
Remove entry from active duplicate list only if it was not in checking

Martin Willi [Wed, 9 Feb 2011 15:28:31 +0000 (16:28 +0100)]
Added an example application listening to duplicheck notifications

Martin Willi [Wed, 9 Feb 2011 15:15:21 +0000 (16:15 +0100)]
Notify duplicate detections over a UNIX socket to listening applications

Martin Willi [Wed, 9 Feb 2011 14:04:21 +0000 (15:04 +0100)]
Added an advanced duplicate checking plugin with liveness check of old SA

Martin Willi [Wed, 9 Feb 2011 14:03:08 +0000 (15:03 +0100)]
Invert check to delete unestablished IKE_SAs to not delete them once established

Martin Willi [Tue, 8 Feb 2011 08:40:14 +0000 (09:40 +0100)]
Added whitelist plugin NEWS

Martin Willi [Thu, 3 Feb 2011 16:06:40 +0000 (17:06 +0100)]
Added a whitelist command line utility to control whitelist plugin

Martin Willi [Thu, 3 Feb 2011 13:37:45 +0000 (14:37 +0100)]
Added a UNIX socket based control backend to whitelist plugin

Martin Willi [Thu, 3 Feb 2011 12:38:13 +0000 (13:38 +0100)]
Implemented an in-memory peer identity whitelist plugin